
Cybersecurity In-Depth: Digging into data about the latest attacks, threats, and trends using charts and tables.
Threat Protection: The REvil Ransomware
What does DNS activity look like surrounding the REvil/Sodinokibi ransomware threat?
August 24, 2021

Earlier this year, in a blog series about threat trends in DNS security, Cisco Security looked at the REvil ransomware, also known as Sodinokibi or Sodin. It noted how the ransomware compromised far more endpoints than Ryuk but had far less DNS communication. However, when revisiting these metrics, Cisco Security researchers noticed that this changed at the beginning of 2021. What's interesting in revisiting this data over an 18-month span is that while the number of endpoints didn't rise dramatically in 2021, the amount of DNS activity did when comparing each month with the overall averages. In fact, the one noticeable drop in endpoints in December appears to coincide with the beginning of a dramatic rise in DNS activity.
Read the full blog post to learn more.